Auto port-defend started

Created: Oct 17, 2019 12:28:54Latest reply: Oct 17, 2019 13:12:20 172 3 0 0
  Rewarded Hi-coins: 0 (problem resolved)

A large number of logs are generated on the switch, as shown in the following.

Can you explain and advise how to troubleshoot the issue

Oct  13 2019 15:46:31+08:00 VTC-7703-1 %%01SECE/4/PORT_ATTACK_OCCUR(l)[0]:Auto port-defend started.(SourceAttackInterface=GigabitEthernet1/0/0, AttackProtocol=ARP-REQUEST)

Oct  13 2019 15:43:25+08:00 VTC-7703-1 %%01SECE/4/PORT_ATTACK_OCCUR(l)[1]:Auto port-defend started.(SourceAttackInterface=GigabitEthernet1/0/0, AttackProtocol=ARP-REQUEST)

Oct  13 2019 15:19:59+08:00 VTC-7703-1 %%01SECE/4/PORT_ATTACK_OCCUR(l)[2]:Auto port-defend started.(SourceAttackInterface=GigabitEthernet1/0/0, AttackProtocol=ARP-REQUEST)

Oct  13 2019 15:02:26+08:00 VTC-7703-1 %%01SECE/4/PORT_ATTACK_OCCUR(l)[3]:Auto port-defend started.(SourceAttackInterface=GigabitEthernet1/0/0, AttackProtocol=ARP-REQUEST)


  • x
  • convention:

Featured Answers
Popeye_Wang
Admin Created Oct 17, 2019 12:31:03 Helpful(0) Helpful(0)

Hi Steelbule,
Please refer to the following information.

Description

Port attack defense is started.

Parameters

Parameter Name

Parameter Meaning

SourceAttackInterface

Indicates the attack source interface.

AttackProtocol

Indicates the protocol type of attack packets.

Possible Causes

When the device detects attack packets on an interface, the device starts attack defense on the interface.

Procedure

1.    Check whether the attack actually occurs on the interface. //In your case the source attack from interface g 1/0/0. From command “display arp”, you can determine which terminal/device may cause the attack. You can isolate that device from network.

2.    If an attack actually occurs, locate the attack source. If no attack occurs, reconfigure the port attack defense function to ensure that valid protocol packets can be sent to the CPU.

Please see the configuration example of enabling port attack defense.

https://support.huawei.com/hedex/pages/EDOC100005797231188137/07/EDOC100005797231188137/07/resources/dc/dc_cfg_LocalAttackDefense_0055.html?ft=0&fe=10&hib=10.3.13.4.6.1&id=dc_cfg_LocalAttackDefense_0055&text=Example%20for%20Configuring%20Local%20Attack%20Defense&docid=EDOC1000057972


  • x
  • convention:

All Answers
Popeye_Wang
Popeye_Wang Admin Created Oct 17, 2019 12:31:03 Helpful(0) Helpful(0)

Hi Steelbule,
Please refer to the following information.

Description

Port attack defense is started.

Parameters

Parameter Name

Parameter Meaning

SourceAttackInterface

Indicates the attack source interface.

AttackProtocol

Indicates the protocol type of attack packets.

Possible Causes

When the device detects attack packets on an interface, the device starts attack defense on the interface.

Procedure

1.    Check whether the attack actually occurs on the interface. //In your case the source attack from interface g 1/0/0. From command “display arp”, you can determine which terminal/device may cause the attack. You can isolate that device from network.

2.    If an attack actually occurs, locate the attack source. If no attack occurs, reconfigure the port attack defense function to ensure that valid protocol packets can be sent to the CPU.

Please see the configuration example of enabling port attack defense.

https://support.huawei.com/hedex/pages/EDOC100005797231188137/07/EDOC100005797231188137/07/resources/dc/dc_cfg_LocalAttackDefense_0055.html?ft=0&fe=10&hib=10.3.13.4.6.1&id=dc_cfg_LocalAttackDefense_0055&text=Example%20for%20Configuring%20Local%20Attack%20Defense&docid=EDOC1000057972


  • x
  • convention:

Steelblue
Steelblue Created Oct 17, 2019 13:04:00 Helpful(0) Helpful(0)

So how to detect the attack?
  • x
  • convention:

Popeye_Wang
Popeye_Wang Admin Created Oct 17, 2019 13:12:20 Helpful(0) Helpful(0)

  • x
  • convention:

Comment

Reply
You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Login and enjoy all the member benefits

Login and enjoy all the member benefits

Login